Elgato_dark/python-tuf
1
0
Fork 0
mirror of https://github.com/theupdateframework/python-tuf synced 2026-05-24 10:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

ngclient: Increase default max_root_rotations

Browse source 
this configuration variable controls how many root versions
the client will upgrade in a single refresh(). The idea is to prevent
a malicious repository from filling the disk with root versions.

We want a number that is high enough that a repository should not have
made that many roots in the time that clients take to update the "embedded"
root that the client shipped with ship with.

32 is small enough that a repository could reach it while clients with
v1 embedded in them are still in use. Let's bump to 256: this should be
plenty.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This commit is contained in:
Jussi Kukkonen 2024-07-17 11:50:43 +03:00
parent cb9694efa0
commit 6eaf405bd5
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
tuf/ngclient/config.py
View file

@ -44,7 +44,7 @@ class UpdaterConfig:
prefixed to ngclient user agent when the default fetcher is used.
"""
max_root_rotations: int = 32
max_root_rotations: int = 256
max_delegations: int = 32
root_max_length: int = 512000 # bytes
timestamp_max_length: int = 16384 # bytes